Why is there "/proc/net/snmp" file on my device? Could it be due to a malware?

Question

After reading this paper I observed a little and I realized that an SNMP socket (exactly two: v4 and v6) exists when I use ls /proc/1/net. I see them clearly.

My question is simple, do the bootkits exist on Android? I suppose yes, if it is the case would you have documentation to recommend me at the security level? Especially the use of SNMP, is it normal? For example a use by the phone operator for material supervision? But this phone is a second hand with a different operator that does not make sense for my case.

Two days ago I asked a question here related to mediatek and strange files and files saturating the memory space. But I did not find an answer in relation to audio_dump folder in the paper of blackhat, but some matches that are cold in the back.

— mizizad | Sources

Answer

There is no piece of software that has zero probability of being infected by some kind of malware. But in general, Windows by design is more prone to infections as compared to Linux and other UNIX based operating systems. Android is also based on Linux kernel, plus it has additional security mechanisms related to booting part, such as locked bootloader and Verified Boot. So generally we don't see Android devices hijacked by bootkits.

That said, init is the very first userspace process started by kernel with PID 1. It's a generic piece of AOSP, developed by Google and not modified by phone OEMs or network operaters (AFAIK). However its configuration files *.rc can be modified / added / removed easily to start / stop services and daemons on boot.

Presence of /proc/[PID]/net/snmp indicates that your kernel has ability to support an SNMP agent if run on your device. This is common, modern kernels are built so. Alarming is if there is an agent running in background on your device, something listening on UDP port 161 from an SNMP management console. You can analyze all listening ports using netstat or ss. Both are shipped with Android.

— Irfan Latif | Sources

Q & A

Recovery chances for SD card - used as android internal memory - which got formatted by another mobile?

Is Multi-Boot Possible in Android?

Does Android Have a BIOS?

How to manually root a phone?

Is it possible to delete a file through the Google Drive app?

Remove second shutter button from S10e camera app

Activate location for "Find my Device"

Can I use different countries version of the Play Store on different accounts?

Where is Google's internal account authentication token located?

Coming back Google Play Services

Which process is responsible for capturing (mobile/WiFi) data usage?

What does vga=844 means and what other values are there?

Rocket.Chat GCM notifications not showing in LineageOS 16

"maps is offline check your network connection" on Mobile Data

Android 10 Swipe Forward

Is there a way to move apps to sd card if your phone doesnt support it?

Android Auto stopped working with Pixel 3 on Hyundai Elantra

Are RAM and storage physically located on smartphone's SoC or not?

Why would the TRWP Nandroid backups of system and vendor partitions be different between backups?

How do certain apps show new notifications when internet access is restricted to them?

Topics

2D Engines 3D Engines 9-Patch Action Bars Activities ADB Advertisements Analytics Animations ANR AOP API APK APT Architecture Audio Autocomplete Background Processing Backward Compatibility Badges Bar Codes Benchmarking Bitmaps Bluetooth Blur Effects Bread Crumbs BRMS Browser Extensions Build Systems Bundles Buttons Caching Camera Canvas Cards Carousels Changelog Checkboxes Cloud Storages Color Analysis Color Pickers Colors Comet/Push Compass Sensors Conferences Content Providers Continuous Integration Crash Reports Credit Cards Credits CSV Curl/Flip Data Binding Data Generators Data Structures Database Database Browsers Date & Debugging Decompilers Deep Links Dependency Injections Design Design Patterns Dex Dialogs Distributed Computing Distribution Platforms Download Managers Drawables Emoji Emulators EPUB Equalizers & Event Buses Exception Handling Face Recognition Feedback & File System File/Directory Fingerprint Floating Action Fonts Forms Fragments FRP FSM Functional Programming Gamepads Games Geocaching Gestures GIF Glow Pad Gradle Plugins Graphics Grid Views Highlighting HTML HTTP Mocking Icons IDE IDE Plugins Image Croppers Image Loaders Image Pickers Image Processing Image Views Instrumentation Intents Job Schedulers JSON Keyboard Kotlin Layouts Library Demos List View List Views Localization Location Lock Patterns Logcat Logging Mails Maps Markdown Mathematics Maven Plugins MBaaS Media Menus Messaging MIME Mobile Web Native Image Navigation NDK Networking NFC NoSQL Number Pickers OAuth Object Mocking OCR Engines OpenGL ORM Other Pickers Parallax List Parcelables Particle Systems Password Inputs PDF Permissions Physics Engines Platforms Plugin Frameworks Preferences Progress Indicators ProGuard Properties Protocol Buffer Pull To Purchases Push/Pull QR Codes Quick Return Radio Buttons Range Bars Ratings Recycler Views Resources REST Ripple Effects RSS Screenshots Scripting Scroll Views SDK Search Inputs Security Sensors Services Showcase Views Signatures Sliding Panels Snackbars SOAP Social Networks Spannable Spinners Splash Screens SSH Static Analysis Status Bars Styling SVG System Tags Task Managers TDD & Template Engines Testing Testing Tools Text Formatting Text Views Text Watchers Text-to Toasts Toolkits For Tools Tooltips Trainings TV Twitter Updaters USB User Stories Utils Validation Video View Adapters View Pagers Views Watch Face Wearable Data Wearables Weather Web Tools Web Views WebRTC WebSockets Wheel Widgets Wi-Fi Widgets Windows Wizards XML XMPP YAML ZIP Codes